Year VIII, No.9/2009 189
THE EVALUATION OF THE INTERNAL AUDIT RISK
REGARDING PUBLIC PROCUREMENTS
Lect. Iulian Bogdan DOBRA, PhD Student University of Alba Iulia ”1 Decembrie 1918”
From the six types of procedures that assign the public procurements’ contracts, this paper wants to highlight the risk evaluation only for The public procurements carried out through demands of supply. The procurements carried out through electronic auctions were not treated within this paper.
Evaluating the risks is part of the operational process and must identify and examine the internal and external factors which could negatively impact the objectives of the organization1.
The risk analysis must cover the entire range of risks found within the entity, that is why it must be taken into account that the work procedures are kept at all levels of the hierarchy, especially at the top.
The evaluation process must discover the measurable and non-measurable risks, such as the operational risks, and must select the controllable risks.
Management can identify the risks and their evolution at the level of the entity with the help of a set of activities that organize, lead and manage and activities of pre-established control (through the specific department). The internal audit structure is an independent structure and resumes the analysis of the risks established by the management in order to evaluate the control system or the work procedures.
Internal auditors must report the results of their work to the general management and any significant weakness discovered during the audit mission. But, on the other hand, we must not forget that auditors also face a risk, such as the detection risk, called the audit risk. Therefore, the internal auditor must consider the audit risk at the level of
1
GHI M., - ”Auditul Intern”, Editura Economic , Bucharesti, 2004, pag. 118;
each operation as being an auditable object so that a low number of remained material errors are recorded.
Treating the risk must take into account their division into three large categories, according to the international audit standards:
a) Inherent risk – which emphasizes the situation when a material error can occur. The inherent risks are represented by the sum of risks that the entity faces and they can be internal, external, measurable or non-measurable. At this level, the control activity and its capacity to detect misstatements are ignored. The entity encounters these risks through its activity and intercessions.
b) The control risk – shows that the internal control system of the entity can’t stop or correct possible errors. The control risks represent the undiscovered irregularities and errors during the control activity. The analysis of the control risks is done in accordance with the organization’ structure of the control system, the organization and application of the procedures, of the used IT system, etc. The auditor can’t change the control’s level and quality, but he can “influence it by making recommendations regarding the improvement, but this influence can manifest only after the audit and only if the management will take into account the made suggestions”2.
c) The detection risk – represents the situation when a material misstatement will not be detected by the auditors, and is also called the audit risk.
2
Unlike the inherent risk and the control risk, the detection risk can be “supervised” by the auditor through:
the adequate planning of the
audit mission;
the conformable establishing of the audit works’ nature, duration and spreading;
efficient audit procedures –
adapted, evaluated, etc.
The objectives, just as they are stipulated in the Methodological handbook of internal audit regarding the public procurement of supply, works and services (referred to as Handbook) assure us that:
the generally accepted principles within the European Union were taken into account when making a decision:
o the free competition principle implies ensuring conditions for every supplier of products, services or work executor, no matter the nationality, to have the right to become a contractor, within the conditions of the law;
o the principle of the efficient use of public funds implies applying the economic criteria to award the public procurement contract within the competition system.
o the transparency principle
implies putting at the disposal of those who are interested all the information regarding the procedures followed to award a public procurement contract;
o the equal treatment principle implies applying in a non-discriminatory manner the selection criteria for awarding a public procurement contract;
o the confidentiality principle implies guaranteeing the commercial
secret and the right to intellectual property of the tenderer.
the acquisition activity is well known and mastered from the beginning and launching phases to the final reimbursements;
the Annual program of public procurements is adequate to the real, valid, foreseen in the budget and scheduled needs;
the recordings are exhaustive; the documents are accurately certified and recorded;
the expenses correspond to a provided service;
the functionality of the internal control system.
Next, we want to emphasize the risk measurement with the help of the risk assessment matrix. It is known that the risk assessment (analysis) activity represents an essential component of management and must be done constantly. It includes the following stages: identifying the auditable objects, establishing the risk for each auditable object, assessing the risks, classifying the risks, establishing the internal control and placing the risks on a hierarchy.
At the level of the risk assessment stage we will try to highlight the assessment criteria and the weights of the risk regarding: the financial impact, the occurrence probability and the level of the internal control (the implementation degree of the specific control procedures).
According to the Handbook, the audit mission for the public procurement activity has a List of auditable objects
for the demands of supply that includes the following:
Table no. 1 List of auditable objects for the public procurement activity
Nr. Crt
.
Objectives (O.) Auditable objects (Ob.) Observations
1.
Preparing the procedure for awarding public procurements contracts (O.1)
The market study, creating its own data base ; Writing and transmitting the Documentation necessary for the elaboration and presentation of the supply (DEPO) ;
Establishing the evaluation commissions.
2.
Launching the procedure for awarding public procurements contracts (O.2)
The announcement/invitation to participate The right to demand clarifications at DEPO
Year VIII, No.9/2009 191
procedure for awarding public procurements contracts (O.3)
Examining and evaluating the tenders in order to establish the winner of the public procurement contract;
Signing the public procurement contract; The public procurement file.
Source: An internal audit mission handbook for the public procurement activity, elaborated by U.C.A.A.P.I.
In the second stage of the risk analysis procedure, called Risk identification, the association of the significant risks with the operations established in the List of auditable objects takes place. Usually, the internal auditors associate one or more
theoretical risks to auditable objects, based on what was determined from the collected documents or from the practical risks emerged from its own experience. The handbook stipulates the following categories of risks specific to every auditable object:
Table no. 2 Identifying the risks of the auditable objects for the public procurement activity
Nr.
Crt. Auditable objects Significant risks (Rs.) Observations
O.1.
The market study, creating its own data base (Ob.1.1) ; Writing and
transmitting the Documentation necessary for the elaboration and presentation of the supply (DEPO) (Ob.1.2); Establishing the
evaluation
commissions.(Ob.1.3)
An insufficient information system, which doesn’t allow going over the representative tenders (Rs.1.1.1) ; DEPO doesn’t observe the conformity conditions (Rs.1.2.1) ;
DEPO includes specifications written in the favour of a certain economic agent (Rs.1.2.2);
The decision to name an evaluation commission doesn’t meet the conformity conditions (Rs.1.3.1);
The members of the evaluation commission don’s have professional training and relevant experience in this area (Rs.1.3.2);
There is an incompatibility between the members of the evaluation commission and the tenderers (not all the confidentiality and impartiality statements are signed) (Rs.1.3.3);
Establishing a single evaluation commission to award more contracts of public procurement (Rs.1.3.4).
O.2.
The
announcement/ invitation to participate (Ob.2.1)
The right to demand clarifications at DEPO (Ob.2.2).
The announcement/invitation to participate doesn’t observe the conformity conditions (Rs.2.1.1);
The invitation to participate is sent by chance, without a previous selection of the market (Rs.2.1.2);
Sending a single invitation (Rs.2.1.3);
The answer deadlines at the clarifications’ demands are not hold (Rs.2.2.1);
The clarifications and additions written by DEPO are not transmitted to all the tenderers who received the initial documentation (Rs.2.2.2).
O.3.
Opening and assorting the tenders (Ob.3.1)
Examining and evaluating the tenders in order to establish the winner of the public procurement contract (Ob.3.2);
The minute of the tenders’ opening doesn’t observe the conformity conditions (Rs.3.1.1);
The submitted tender doesn’t meet the demands stipulated by DEPO (Rs.3.1.2);
Accepting tenders which are not qualified (Rs.3.1.3); The submitted tender is not accompanied by the proof of
a warrantee for participation, when necessary (Rs.3.1.4); The evaluation of the tenders is not done in accordance
with the terms stipulated in the specification (Rs.3.2.1); The erroneous establishing of the tenders’ top
(Rs.3.2.2) ;
The evaluation report for the tender and the proposal to award the contract don’t comply with the conformity conditions (Rs.3.2.3)
The evaluation’s result is not communicated to the participants (Rs.3.2.4)
Signing the public procurement contract (Ob.3.3);
The public procurement file (Ob.3.4).
The contract is not signed with the tenderer who won the procedure (Rs.3.3.2) ;
The existence of differences between the terms stipulated in the specification and the ones in the closed procurement contract (Rs.3.3.3);
The performance bond is under the imposed level or is not formed (Rs.3.3.4) ;
The public procurement file doesn’t observe the conformity conditions (Rs.3.4.1) ;
Destroying the public procurement file before the minimum limit of the legal deadline (Rs.3.4.2) ;
Keeping the files in inadequate locations and/or conditions (Rs.3.4.3)
Source: An internal audit mission handbook for the public procurement activity, elaborated by U.C.A.A.P.I.
The next stage of the risk analysis procedure is called Risk assessment, a stage where the weights and the level of the risk assessment are set, depending on the importance and the gravity of the risk factors.
In order to ease establishing the weight of the risk factors (Pi), is more useful to mark in the third stage every auditable object with its corresponding specific risk with a certain simplified notation (for example: Ob. 1.1, Rs.1.1.1, Ob.i.1, Rs.i.1.1).
The handbook mentions the following risk factors, weights and assessment levels as follows:
a) the risk factors (Fi): F1 – the internal control assessment, F2 – the quantitative assessment, F3 – the qualitative assessment;
b) the weight of the risk factors (Pi): P1 – the weight of the internal control assessment (of the internal control procedures), which is 55%, P2 – the weight of the quantitative assessment, which is at 25%, P3 – the weight of the qualitative assessment, which is 20%;
c) the risk assessment levels (Ni): N1 – low risk level, N2 – medium risk level, N3 – high risk level.
Therefore, the calculus relation of the total score for assessing the size of the risk is:
n
Pt = Σ (Pi x Ni) i=1
where:
Pt – total score;
Pi – the weight of the risk for each
factor;
Ni – the risk assessment level for
each used factor
i – the used risk factors n – the number of the used risk
factors
In order to assess the risks for auditable objects, which are corresponding to the public procurement activity, we suggest the following criterion to settle the risk factors, the weights and the risk assessment level:
a) To assess the internal control (F1), the number one objective (Ob. 1) and the third objective (Ob. 3) respectively, must have a 60% weight of the risk factors and the second objective (Ob. 2) must have a 55% weight. We think that higher weights for the two objectives (Ob.1& Ob.3) are justified because of the importance of the auditable objects and of the risks associated to these objectives for the public procurement activity.
b) The qualitative assessment is done for all the objectives with a 35% weight of the risk factors, which is associated with the quantitative assessment (F2). A higher weight of the risks than the one in the Handbook was established because of the meaning of the financial impact over the public procurement activity.
c) For the number one and number three objectives was considered a 5% weight of the risk factors, and a 10% weight for objective number two, which is associated to the qualitative assessment (F3).
The total score for each objective (Table no. 3), each auditable object and significant risk was determined with the formula:
Year VIII, No.9/2009 193
.1.
.
Pt3.4.3=Pci3.4.3xNci3.4.3+
n
Pt = Σ (Pi x Ni)=>
Pt1.1.1=P 1ci 1xN
ci1.1.1+Pq1.1.1xNq1.1.1+Pc1.1.1xNc1.1.1
i=1
Pt1.2.1=Pci1.2.1xNci1.2.1+Pq1.2.1xNq1.2.1+Pc1.2.1xNc1.2.1
……… Pq3.4.3xNq3.4.3+Pc3.4.3xNc3.4.3
Pt – total score;
Pci – the weight of the risks for the
internal control assessment;
Pq – the weight of the risks for the
quantitative assessment;
Pc – the weight of the risks for the
qualitative assessment;
Nci – the risk assessment level for
internal control;
Nq – the risk assessment level for
the quantitative assessment;
Nc – the risk assessment level for
the qualitative assessment;
Table no. 3 Assessing the audit e public procurement
ity
able objects’ risk for th activ
Internal control assessment F1
Quantitative assessment
F2
Qualitative assessment
F3
Nr.
crt. Significant risks (Rs.)
Pi afferent
Rs 55% sau 60% Ni (1,2 or 3) Pi afferent Rs 35% Ni (1,2 or 3) Pi afferent Rs 5%sau 10% Ni (1,2 or 3) Total score 1 onformity conditions (Rs.1.3.1);
The members of the evaluation commission don’s have professional training and relevant exp
An insufficient information system, which doesn’t allow going over the representative tenders (Rs.1.1.1) ;
DEPO doesn’t observe the
conformity conditions (Rs.1.2.1) ;
DEPO includes specifications written in the favour of a certain economic agent (Rs.1.2.2);
The decision to name an evaluation commission doesn’t meet the c
erience in this area (Rs.1.3.2);
There is an incompatibility between the members of the evaluation commission and the tenderers (not all the confidentiality and impartiality statements
,6
are signed) (Rs.1.3.3);
Establishing a single evaluation commission to award more contracts of
0,60 public procurement (Rs.1.3.4). P1.1.1= ,60 = ,60 = = ,60 = ,60 = 0 = .1.1= .2.1= .2.2= .2.3= .1.1= .1.1= .1.1= 2 = ,35 = = ,35 = ,35 = ,35 = ,35 = 0,35 .1.1= .2.1= .2.2= .2.3= .1.1= .1.1= .1.1= 1 = ,05 = = ,05 = ,05 = ,05 = ,05 = 0,05 .1.1= .2.1= .2.2= .2.3= .1.1= .1.1= .1.1= 1 ,65 ,25 ,25 ,65 ,60 ,00 1,60 0 P1.2.1 0 P1.2.2 0,60 P1.2.3 0 P1.1.1 0 P1.1.1 0 P1.1.1 N1 2 N1 3 N1 3 N1 2 N1 2 N1 1 N1 P1.1.1 0 P1.2.1 0,35 P1.2.2 0 P1.2.3 0 P1.1.1 0 P1.1.1 0 P1.1.1 N1 1 N1 1 N1 1 N1 1 N1 1 N1 1 N1 P1.1.1 0 P1.2.1 0,05 P1.2.2 0 P1.2.3 0 P1.1.1 0 P1.1.1 0 P1.1.1 N1 2 N1 2 N1 2 N1 2 N1 1 N1 1 N1 1 2 2 1 1 1 2
The announcement/invitation to participate doesn’t observe the conformity conditions (Rs.2.1.1);
Sending a single invitation
mands are not
initial documentation (Rs.2.2.2). = ,55 = 5 = 55 .1.3= .2.1= .2.2= = ,35 = ,35 = ,35 .1.3= .2.1= .2.2= = ,10 = ,10 = ,10 .1.3= .2.1= .2.2= ,65 ,45 ,55 (Rs.2.1.3);
The answer deadlines at the clarifications’ de
hold (Rs.2.2.1);
The clarifications and additions written by DEPO are not transmitted to all the tenderers who received the
,5 , P2.1.3 0 P2.2.1 0 P2.2.2 0 N2 3 N2 3 N2 2 P2.1.3 0 P2.2.1 0 P2.2.2 0 N2 2 N2 2 N2 1 P2.1.3 0 P2.2.1 0 P2.2.2 0 N2 3 N2 1 N2 1 2 2 1 3
The minute of the tenders’ opening doesn’t observe the conformity conditions
by DEPO hen the tenders’ top rmity the rmity rement r conditions legal nd/or = ,60 = 0 = ,60 = = = ,60 = ,60 = ,60 = ,60 = = ,60 = ,60 = 60 = ,60 = 1.1= .1.2= .2.2= .1.4= .2.1= .2.2= .2.3= .2.4= .3.1= .3.2= .3.3= .3.4= .4.1= .4.2= .4.3= = ,35 = ,35 = ,35 = ,35 = ,35 = ,35 = ,35 = ,35 = ,35 = ,35 = ,35 = ,35 = ,35 = ,35 = 1.1= .1.2= .2.2= .1.4= .2.1= .2.2= .2.3= .2.4= .3.1= .3.2= .3.3= .3.4= .4.1= .4.2= .4.3= = ,05 = ,05 = ,05 = ,05 = ,05 = ,05 = ,05 = ,05 = ,05 = ,05 = ,05 = ,05 = ,05 = ,05 = .1.1= .1.2= .2.2= .1.4= .2.1= .2.2= .2.3= .2.4= .3.1= .3.2= .3.3= .3.4= .4.1= .4.2= .4.3= ,60 ,40 ,60 ,00 ,60 ,00 ,60 ,00 ,60 ,00 ,00 ,00 ,00 ,00 1,00 (Rs.3.1.1);
The submitted tender doesn’t meet the demands stipulated
,6
(Rs.3.1.2);
Accepting tenders which are not qualified (Rs.3.1.3); The submitted tender is not
accompanied by the proof of a warrantee for participation, w
,60
necessary (Rs.3.1.4); The evaluation of the
tenders is not done in accordance with the terms stipulated in
,60
specification (Rs.3.2.1); The erroneous establishing
of the (Rs.3.2.2) ;
The evaluation report for the tender and the proposal to award the contract don’t comply with the confo conditions (Rs.3.2.3) The evaluation’s result is
not communicated to participants (Rs.3.2.4) Closing the acquisition
contract doesn’t comply with the confo conditions (Rs.3.3.1) The contract is not signed
with the tenderer who won the procedure (Rs.3.3.2) ; The existence of
differences between the terms stipulated in the specification and the ones in the closed procu
,60
contract (Rs.3.3.3);
The performance bond is under the imposed level o is not formed (Rs.3.3.4) ; The public procurement file
doesn’t observe the conformity
(Rs.3.4.1) ;
Destroying the public procurement file before the minimum limit of the
,
deadline (Rs.3.4.2) ;
Keeping the files in inadequate locations a
Year VIII, No.9/2009 195
conditions (Rs.3.4.3) 0,60 1 0,35 1 0,05 1
Used terms
The public procurement process
represents the set of activities which are carried out in order to award, close and execute a contract of public procurement, which ensures the definitive or temporary acquirement of products, works or servic
contra
tion, including the l
r under
interest, without a
runs a vities relevant in one of the
rgy, transpo
a supplier
public
or more works of
not defined
tallation, repairs, and even de
fulfil a technical-economic function. es.
The public procurement contract is a legal act with onerous title, closed in written form, between the
cting authority and the contractor.
The contracting authority is any: public authority, as defined by
the Constitu egal
one or more services.
Product – any physical object or good, included in CPSA, which is authorities;
public institution of local or general interest, autonomous o
the control of a public authority;
legal person, other than the ones mentioned above, which was founded to run activities of public
commercial feature;
legal person of private right who
sectors of public utilities – water, ene rt and telecommunications.
The contractor is any person or corporate body, of private right, Romanian or foreign, who was given a public procurement contract, as
, work executor or provider.
The object of the procurement contract can be:
one or more products;
one
construction;
cti
as being a service or a work.
Service – any activity whose result is non-material, such as: maintenance, ins
signing.
Work – any construction
activities or any combination of them, which leads or not to a result meant to
Cosserat G. W. Modern Auditing, 2nd edition, John Wiley & Sons, Ltd., England, 2005;
REFERENCES
Genete L. D. Evaluarea riscului în auditul financiar contabil. Metode cantitative şi metode calitative, ANALELE ŞTIIN IFICE ALE UNIVERSIT II „ALEXANDRU IOAN CUZA” DIN IAŞI,Tomul LII/LIII Ştiin e Economice 2005/2006;
Ghi M. Auditul Intern, Editura Economic , Bucureşti, 2004;
